Provisioning involves mapping users to content. It’s a simple concept that gets complicated by the abstract notion of groups. Provisioning ends up becoming the aggregation of permissions across three different groupings of users: Domains, Roles, and Users.
Users and Groups
|Domain||A specialized group of users in the system which allows for uniqueness.|
|Role||Roles are an abstract grouping mechanism, geared toward assigning consistent content across Domains.|
|User||This represents individual users in the system.|
Content and Groups
The other side of the provisioning equation is content. Content equates to “Pages” in the system. Pages are organized into a hierarchical tree structure in order to make the provisioning task more straightforward.
|Folder||A grouping of Pages.|
|Page||A collection of Visualizations.|
The Provisioning User Interface
Provisioning is a layered concept, and an Administrator’s focus can shift between those layers based on the task at hand:
- One day an Administrator might be interested in an individual user in the system.
- Another day, an Administrator might be focused on an entire Domain of users.
The user interface accommodates these different perspectives via the Manage By selector.
The “Manage By” Selector
The user interface allows you to shift the unit of focus for the provisioning page via the Manage By pull-down. This allows an administrator to provision content from a variety of different perspectives.
The Manage By drop-down supports the following parameters, which map to the different ways users can be grouped in the system:
|Domains||Selecting Manage By: Domains updates the left panel to display the list of Domains currently configured in the system. You can modify the list of Domains using the available controls in the footer. Selecting a Domain in the left panel provides context to the tabs in the right panel, allowing you to provision both Content and Users from the perspective of a Domain.|
|Roles||Selecting Manage By: Roles updates the left panel to display the list of Roles currently configured in the system. You can modify the list of Roles using the available controls in the footer. Selecting a Role in the left panel provides context to the tabs in the right panel, allowing you to provision both Content and Users from the perspective of a Role.
Note: Secured Variables and Credentials tabs are missing from the Roles perspective. This is because individual Users can belong to multiple Roles, and that could cause conflicts when evaluating Secured Variables and Credentials. These elements must be configured from either the Domain or User perspective.
Roles may also be configured to provide administrative access for users with less than Full Admin rights. For instance, roles may grant permissions to create users in certain domains. This concept is described as “Partial Admin”.|
|Users||Selecting Manage By: Users updates the left panel with a list of Users in the system. You can modify the list of Users with the available controls in the footer. Selecting a User in the left panel provides context to the tabs in the right panel, allowing you to provision Roles from the perspective of a User.
Users represent the individual users in the system. Edge does not permit provisioning of Content directly to Users, because it can create a maintenance nightmare. It is considered best practice to provision content using Domains and Roles, and then manage access via each User’s membership in those Domains and Roles. If the special case arises that you want to provision Content to a specific individual User, create a Role with only the single User assigned to that Role, and then provision the Content to that Role.|
|Defaults||Defaults represent the concept of “Globals” in the system.|
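The Python model below is an added example, not Edge code or its API. It shows how access aggregates across a Domain and Roles, why a Secured Variable set on Roles would be ambiguous for a User holding several Roles, and how to list single-User Roles during an access review. It assumes one Domain per User, union semantics for content, and User-over-Domain precedence for variables; every name except `default` and `AllUsers` is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Group:                      # a Domain or a Role (hypothetical model, not Edge's API)
    name: str
    pages: set = field(default_factory=set)
    secured_vars: dict = field(default_factory=dict)

@dataclass
class User:
    name: str
    domain: Group                 # assumption: exactly one Domain per User
    roles: list = field(default_factory=list)
    secured_vars: dict = field(default_factory=dict)

def effective_pages(user):
    """Pages a user can reach: union over the Domain and every Role (assumed)."""
    pages = set(user.domain.pages)
    for role in user.roles:
        pages |= role.pages
    return pages

def resolve_secured_var(user, key):
    """User value first, then Domain value (assumed precedence); never ambiguous."""
    return user.secured_vars.get(key, user.domain.secured_vars.get(key))

def role_var_conflicts(user):
    """Keys that would have several candidate values if Roles carried variables."""
    candidates = {}
    for role in user.roles:
        for key, value in role.secured_vars.items():
            candidates.setdefault(key, set()).add(value)
    return {k: v for k, v in candidates.items() if len(v) > 1}

def single_user_roles(users):
    """Roles held by exactly one user: the per-user content special case."""
    members = {}
    for u in users:
        for role in u.roles:
            members.setdefault(role.name, []).append(u.name)
    return {r: m[0] for r, m in members.items() if len(m) == 1}

# Constructed sample data; only "default" and "AllUsers" are names from the page.
default = Group("default", {"Home"}, {"region": "emea"})
all_users = Group("AllUsers", {"Status"})
ops = Group("ops", {"Network"}, {"db_user": "ops_ro"})
finance = Group("finance", {"Billing"}, {"db_user": "fin_ro"})
alice_only = Group("alice-only", {"Draft"})
alice = User("alice", default, [all_users, ops, finance, alice_only])
bob = User("bob", default, [all_users, ops], {"region": "apac"})
```

Single-User Roles such as `alice-only` are effectively direct grants, so they are worth listing in periodic access reviews.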
Stock Domains, Roles, and Users
Edge ships with one Domain, two Roles, and one User:
|admin||admin||default||administration, AllUsers||Everything (all items in the Content Menu, System Menu, and Admin Menu)|